Researchers have come up with a fix for a path traversal bug first spotted in 2010
theregister.co.uk
A security bug that surfaced fifteen years ago in a public post on GitHub has survived developers' attempts on its life.
Although developers warned in 2012, 2014, and 2018 that the 2010 GitHub Gist contained a path traversal vulnerability, the flaw appeared in MDN Web Docs documentation and a Stack Overflow snippet.
From there, it took up residence in large language models (LLMs) trained on the flawed examples.
But its days may be numbered.
"The vulnerable code snippet was found first in 2010 in a GitHub Gist, and it spread to Stack Overflow, famous companies, tutorials, and even university courses," Jafar Akhoundali, a PhD candidate from Leiden University in The Netherlands, told The Register in an email.
It even contaminated LLMs and made them produce mostly insecure code when asked to write code for this task.
"Most people failed to point out it's vulnerable, and although the vulnerability ...
Copyright of this story solely belongs to theregister.co.uk.